Читаем CISSP Practice полностью

The quality of service (QoS) is the handling capacity of a system or service. (1) It is the time interval between request and delivery of a message, product, or service to the client or customer. (2) It is the guaranteed throughput level expressed in terms of data transfer rate. (3) It is the performance specification of a computer communications channel or system. (4) It is measured quantitatively in terms of performance parameters such as signal-to-noise ratio, bit error ratio, message throughput rate, and call blocking probability. (5) It is measured qualitatively in terms of excellent, good, fair, poor, or unsatisfactory for a subjective rating of telephone communications quality in which listeners judge the transmission quality. (6) It is a network property that specifies a guaranteed throughput level for end-to-end services, which is critical for most composite Web services in delivering enterprise-wide service-oriented distributed systems. (7) It is important in defining the expected level of performance a particular Web service will have. (8) It is the desired or actual characteristics of a service but not always those of the network service. (9) It is the measurable end-to-end performance properties of a network service, which can be guaranteed in advance by a service-level agreement (SLA) between a user and a service provider, so as to satisfy specific customer application requirements. Examples of performance properties include throughput (bandwidth), transit delay (latency), error rates, priority, security, packet loss, and packet jitter. Note that QoS is related to quality of protection (QoP) and DoS which, in turn, is related to DoQ.

Quick mode

Mode used in IPsec phase 2 to negotiate the establishment of an IPsec security association (SA).

Quantum computing

Performed with a quantum computer using quantum science concepts (for example, superposition and entanglement) to represent data and perform computational operations on these data. Quantum computing is based on a theoretical model such as a Turing machine and is used in military research and information security purposes (for example, cryptanalysis) with faster algorithms. It deals with large word size quantum computers in which the security of integer factorization and discrete log-based public-key cryptographic algorithms would be threatened. This would be a major negative result for many cryptographic key management systems, which rely on these algorithms for the establishment of cryptographic keys. Lattice-based public-key cryptography would be resistant to quantum computing threats.

Quantum cryptography

It is related to quantum computing technology, but viewed from a different perspective. Quantum cryptography is a possible replacement for public key algorithms that hopefully will not be susceptible to the attacks enabled by quantum computing.

Quarantine

To store files containing malware in isolation for future disinfection or examination.

R

Race conditions

Race conditions can occur when a program or process has entered into a privileged mode but before the program or process has given up its privileged mode. A user can time an attack to take advantage of this program or process while it is still in the privileged mode. If an attacker successfully manages to compromise the program or process during its privileged state, then the attacker has won the “race.” Common race conditions occur in signal handling and core-file manipulation, time-of-check to time-of-use (TOC-TOU) attacks, symbolic links, and object-oriented programming errors.

Radio frequency identification (RFID)

It is a form of automatic identification and data capture that uses electric or magnetic fields at radio frequencies to transmit information in a supply chain system.

Rainbow attacks

Rainbow attacks occur in two ways: using rainbow tables, which are used in password cracking, and using preshared keys (PSKs) in a wireless local-area network (WLAN) configuration. Password cracking threats include discovering a character string that produces the same encrypted hash as the target password. In PSK environments, a secret passphrase is shared between base stations and access points, and the keys are derived from a passphrase that is shorter than 20 characters, which are less secure and subject to dictionary and rainbow attacks.

Rainbow tables

Rainbow tables are lookup tables that contain pre-computed password hashes, often used during password cracking. These tables allow an attacker to crack a password with minimal time and effort.

Random access memory (RAM)

A place in the central processing unit (CPU) of a computer where data and programs are temporarily stored during computer processing.

Random number generator (RNG)